Using Terraform with Google Cloud Platform — Part 1/n

This blog series is aimed at those who are interested in developing scalable cloud infrastructure and automating repetitive tasks. I’ll walk you through the setup process to get Google Cloud Platform and Terraform working together and show you how to create a basic virtual machine using 3 files and less than 40 lines of code.

First, let’s talk about how infrastructure development used to be accomplished. Let’s use an example and show how it might have been solved. Imagine we’re a system admin for a medium-sized company that has several well-known clients. One of those clients needs us to create 30 servers, all of which have different disk sizes, memory, processors, and operating systems. Oh, and to make things more difficult, they’re in different regions and spread across different cloud vendors — Google Cloud Platform, Amazon Web Services, and Microsoft Azure.

What a nightmare! This is going to take us hours to set up, and we might make some mistakes if we’re not careful. We also have no way to easily test if everything is working, so it’ll likely take us days to debug if we’re not incredibly smart. Thankfully, we have tools like Terraform that allow us to turn a little bit of code into something that can plan, deploy, modify, and destroy all of our systems. If we’re able to get it working, we’ll also need to make some changes to each system, such as modifying the disk size and memory, so that our client isn’t wasting money on unused resources.

Instead of modifying an existing system using SSH, which is a mutable process, your systems are rebuilt from a well-reviewed template, validated for correctness, and then deployed if they pass all the required checks. This is what’s called “immutable infrastructure”. Here’s a good explanation of what immutable infrastructure is, along with some advantages of using this type of process.

Now let’s walk through several basic examples, define some important terms, and talk about the benefits of using Terraform.

Why should I use Terraform?

So, why do we want to use Terraform? Because doing things manually is inefficient, sometimes boring, and could also lead to misconfigurations and costly mistakes. We also want to be able to spend more time focusing on more important things, such as the security of our services, our product’s features, and things of that nature.

I don’t want to go in depth about all the features of Terraform because that’s already well documented on their introduction page.

Alright, let’s get into some basic examples on how to use Terraform with Google Cloud Platform.

Downloading, installing and configuring Terraform

The first thing you’ll want to do is download Terraform. I’m using macOS Sierra 10.12.6 and my shell is ZSH.

You’ll want to run the following commands to download, install, and configure Terraform.

If your output is the same as mine, you can move on to the next step. If not, try reopening your terminal window and check that you specified the correct location of the Terraform binary file.

Downloading and configuring Google Cloud SDK

Now that we have Terraform installed, we need to set up the command line utility to interact with our services on Google Cloud Platform. This will allow us to authenticate to our account on Google Cloud Platform, and subsequently use Terraform to manage our infrastructure.

Let’s get started, shall we?

1. Download and install Google Cloud SDK:

$ curl https://sdk.cloud.google.com | bash

. . .

$ source ~/.zshrc

2. Initialize the gcloud environment:

$ gcloud init

You’ll be able to connect your Google account with the gcloud environment by following the on-screen instructions in your browser. If you’re stuck, try checking out the official documentation.

Configuring our Service Account on Google Cloud Platform

In the following few paragraphs I’ll explain how to create a project, set up a service account and set the correct permissions to manage our project’s resources.

1. Create a project and name it whatever you’d like.

2. Create a service account and specify the compute admin role.

3. Download the generated JSON file and save it to your project’s directory.

Here’s an example from my service account dashboard.

Be warned: the JSON file you just downloaded must be protected from unauthorized users. Think of it as a private key or password for managing your infrastructure’s resources. For development purposes we can add a .gitignore file to our project and list terraform-account.json in it so that the key is not committed to our repository.
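One way to apply that warning, as an added example that is not part of the original post: the script below restricts the key file to its owner, adds it to .gitignore, and reports the cases where the key is still exposed. The helper names protect_key and key_problems are hypothetical; terraform-account.json is the file name used above.

```sh
#!/bin/sh
# Added example, not from the original post. KEY_FILE defaults to the
# file name used in the post; override it if yours differs.
KEY_FILE="${KEY_FILE:-terraform-account.json}"

# protect_key DIR (hypothetical helper)
# Restrict the key to its owner and list it in DIR/.gitignore exactly once.
protect_key() {
    pk_dir="$1"
    if [ ! -f "$pk_dir/$KEY_FILE" ]; then
        echo "no $KEY_FILE in $pk_dir" >&2
        return 1
    fi
    chmod 600 "$pk_dir/$KEY_FILE"
    touch "$pk_dir/.gitignore"
    # -x matches the whole line, -F takes the name literally
    if ! grep -qxF "$KEY_FILE" "$pk_dir/.gitignore"; then
        printf '%s\n' "$KEY_FILE" >> "$pk_dir/.gitignore"
    fi
}

# key_problems DIR (hypothetical helper)
# Print one line per finding; print nothing when the key is contained.
key_problems() {
    kp_dir="$1"
    # Characters 5-10 of the ls mode string are the group and other bits.
    kp_mode=$(ls -ld "$kp_dir/$KEY_FILE" | cut -c5-10)
    if [ "$kp_mode" != "------" ]; then
        echo "permissions: group or other can access $KEY_FILE"
    fi
    if ! grep -qxF "$KEY_FILE" "$kp_dir/.gitignore" 2>/dev/null; then
        echo "gitignore: $KEY_FILE is not listed"
    fi
    # .gitignore does not untrack a file that was already added or committed.
    if git -C "$kp_dir" ls-files --error-unmatch "$KEY_FILE" >/dev/null 2>&1; then
        echo "tracked: $KEY_FILE is in the Git index"
    fi
    return 0
}

# Stand-alone use: sh protect-key.sh /path/to/project
if [ -d "${1:-}" ]; then
    protect_key "$1" && key_problems "$1"
fi
```

If the tracked finding appears, `git rm --cached` removes the file from the index, but a key that was ever committed stays in history, so delete that key on the service account and generate a new one.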

Creating a Compute Engine Instance with Terraform

This is what you’ve been waiting for! We’re almost ready to use Terraform to create some VM instances. However, we have to do a few more things.

You’ll first need to create a few files to work with. The most important thing is that each file name ends in .tf (for example, file.tf). This allows Terraform to know what files to work with when initializing, planning, applying, and destroying.

The following providers do not have any version constraints in configuration, so the latest version was installed.

To prevent automatic upgrades to new major versions that may contain breaking changes, it is recommended to add version = "..." constraints to the corresponding provider blocks in configuration, with the constraint strings suggested below.

* provider.google: version = "~> 1.1"

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work.

If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.

You’ll now want to run the following command to see what we’re about to create and configure. Once again, your output should be similar.

$ terraform plan

Refreshing Terraform state in-memory prior to plan… The refreshed state will be used to calculate this plan, but will not be persisted to local or remote state storage.

Terraform does not automatically rollback in the face of errors. Instead, your Terraform state file has been partially updated with any resources that successfully completed. Please address the error above and apply again to incrementally change your infrastructure.

Oh no, we have an error! Actually, I did this on purpose to help you learn how to troubleshoot common mistakes when configuring service accounts.

Keep in mind this is only a simple example of how to set up a barebones VM instance in Google Cloud Platform. Please make sure you know what you’re doing when working in a production environment.

If you want to do some more reading, check out the official Google Cloud Provider documentation pages. They’re very useful and contain all the syntax for setting up VM instances, VPC networks, firewall rules, and other resources.

The next part of this series will include steps to implement SSH key authentication and firewall rules and should be released by the second week of November 2017.